Here are a few precautions that you could take while using your credit and debit cards at various points of use

One can never be too careful when it comes to using credit and debit cards. Constant vigil is a must while executing even the most routine transactions - be it online, or offline at point-of-sale (PoS) terminals in hotels, malls, shops, etc.

Sure, most users take precautions to safeguard their passwords and other security parameters. Also, with the Reserve Bank of India mandating two-factor authentication, thus adding another layer of safety to prevent online frauds, credit card transactions have certainly become more secure. Now, similar action is likely in the offline setup, too. Recognising the need to further tighten the security of 'card-present' transactions, the banking regulator had instituted a working group, which has submitted a report with recommendations, including the issue of chip cards and additional PINs (personal identification numbers) for such transactions. While these measures have to be initiated by the regulator and the bank, you, too, can take certain steps to check any slippages at your end.

AT POS terminals

Here's a quick memory test: How many times have you handed over your card to the hotel staff to make a payment, while being seated at your dinner table? The chances are that you would be doing this all the time. After all, it is very convenient and seems like a routine thing to do - the attendant takes your card, swipes it for the payment amount and returns with the counterfoil. Since you need to sign this charge-slip, the entire chain is secure, you would assume. However, this may not always be the case. For one, your card may be cloned - that is, duplicated to be misused using the information on its magnetic strip - if the staff has a devious motive. Likewise, even lost or stolen cards can be used to make purchases.

"Merchants are supposed to verify that the card-holder's signature on the charge-slip matches with that at the back of the card. Most merchants do not check this diligently or the signatures look very similar. Hence, stolen cards can be easily misused by miscreants before the real card holders realise that they have lost the card," says Shyamal Saxena, general manager, retail banking products, Standard Chartered Bank. Also, be alert while authenticating the slips. "Ensure that the cashier swipes the card in your presence, check the amount on the transaction slip before signing and also save the receipts to check them against monthly statements," advises Sandeep Bhalla, business head, credit payment products, Citibank India.

AT ATMS

In many ATMs, there is no screen or partition to block others' view while you punch your ATM PIN (personal identification number). This could make your card vulnerable to misuse if it is stolen, as both the plastic and the PIN would have been compromised. Therefore, you need to take some precautions. "When the PIN is to be entered at the ATM or at a PoS, one should keep his hand above the keypad to prevent the capture of PIN by any third person or by any camera device kept by any fraudster," says Sameer Nemavarkar, CEO, Atos Worldline India, an electronic payment services company.

IN THE VIRTUAL WORLD

With an increasing number of users paying their bills and making purchases online, they face the danger of falling victims to malpractices like phishing. Essentially, this involves tricking the user into disclosing his/her passwords or other sensitive details through fraudulent mails masquerading as official communication from banks or the regulator. You should remember that banks (as is often communicated to the users) never ask for such information. Therefore, avoid falling into such traps. Also, while visiting a bank or other sites where payment transactions are involved, it is ideal to confirm the correct URL before proceeding further. Portals designed to look like the real ones are potential traps. As the RBI working group report notes, online frauds have come down after the introduction of the two-factor authentication system, which mandates additional password for conducting transactions online. However, it would be of little use if you end up presenting all the passwords to fraudsters on a platter. Therefore, you need to make sure you do your best to prevent fraudsters from gaining access to your CVV (card verification value), PIN or other details.

FOREIGN WEBSITES

Be especially careful while choosing international websites to carry out transactions. Ensuring that the sites are genuine and reliable is critical, especially because two-factor authentication may not be always applicable to them. "The mandate laid down by the RBI is applicable to banks operating in India. However, debit/credit cards issued in India can be used on foreign websites as well. The payment gateway providers on such websites may be banks outside India and would not fall under the purview of the RBI. Hence, on such websites, transactions can still go through by just entering the card number, expiry date and CVC (card verification code) or CVV. If these credentials are compromised, the risk of misuse remains," says Bhavin Mody, senior product manager, Electra-Card Services. CVV is a three-digit number printed on the back of your card.

As per the rules, the two-factor authentication framework is applicable to all transactions, even on foreign websites, using cards issued in India, if there is no outflow of foreign exchange. "Therefore, transactions that do entail forex outgo will not necessitate the additional password," he adds.

SAFEGUARD YOUR CVV

Despite the two-factor authentication process, the CVV number continues to be an important security parameter that needs to be kept under wraps. While this is a commonly-known fact, many users tend to ignore this when they have to submit copies of their cards as an authenticating document or while creating a charge. "Cardholders should avoid submitting their debit/credit card copies. However, under certain conditions where one has to submit a copy of the card's front and back portions, the CVC/CVV should be struck out," says Mody of ElectraCard.

AVOID PUBLIC SPACES

It is not uncommon to see users paying their bills online at cybercafés, an act that carries huge risk. It is best to use only your personal computer at home for the purpose; or if you have a computer assigned exclusively to you at work. Not only do computers in public spaces offer opportunities to scamsters, but are also vulnerable due to lack of adequate anti-virus software applications, or to spyware installed with fraudulent intentions.

KEEP YOUR BANK IN THE LOOP

Though plastic cards are said to offer a more convenient and safer method for transactions when compared with cash, they do not absolve you of your responsibility to be watchful. Any suspicious transaction should be reported to your bank immediately and to do that, you need to be on your guard at all times. "Most banks provide alerts to mobile phones or email IDs of card holders for transactions done on the card; customers must update their correct email ids and mobile phone numbers so that they can be alerted if any transaction happens on their card," says Saxena of StanChart. Keeping your bank's customer care number handy for reporting card loss will also go a long way in preventing, or at least containing, the damage.

Source : ET